It seems that security wonks are finally catching up to the dangers of “typo” domains.
If an article in ITWorld is any indication, security pros haven’t seen typosquatting as a big threat to businesses. They view it as a marketing/legal problem of someone profiting off the company’s trademark. The only security issue they see is phishing.
But as the article points out, typo domains get their fair share of typo’d emails, too.
Well, duh. This is something I and many others in the domain industry have been preaching to companies for years. The same goes for companies that have difficult-to-spell domains or hyphens. Do you think the only damage Flickr.com incurred for not having Flicker.com was the 150,000 visitors a month who went to the “incorrectly” spelled site? The owner of Flicker.com could have intercepted lots of sensitive email meant for the company.
If you have a non-typo domain that gets traffic, you still receive errant e-mails. I’ve received e-mails from people meant for others that include sensitive information such as social security numbers. And we’re not talking about typos here; this is from generic domains that people confuse with another. Oftentimes the sender means to type domain.net or domain.co.uk and types domain.com instead.
Hopefully companies will wake up to the importance of using an easy-to-spell .com domain name without hyphens and also to registering common typos.
Security professionals sometimes focus on the technically challenging problems rather than the ones right in front of their noses.
Patrick says
“Well, duh. This is something I and many others in the domain industry been preaching to companies for years.”
Well, duh is right!
If people can misdial a telephone number, it should be quite obvious that they can and will mistype an email address.
If the misdialed tel # does not exist, they’ll simply get a recording that the # is not valid.
If the tel # exists, the call will go through.
I get calls all the time from people who have lost luggage with one of the major airlines simply because the caller is dialing the wrong area code.
The “Touch Tone Terrorist”, now called “Junkyard Willie”, made a business out of misdialed customer service calls.
The caller unknowingly dialed Customer Service From Hell where the customer is always wrong.
It was quite hilarious. IMHO
Email is no different than a telephone call.
Patrick